Posted on 01/18/2005 12:08:18 PM PST by UseYourHead
A number of high-risk vulnerabilities in Oracle's database products were announced today by Next Generation Security Software [NGSS] in what is likely the first news in Oracle Corp.'s new quarterly patching schedule.
Surrey, U.K.-based NGSS said all versions of the Oracle Database 10g and Oracle 9i Database Server are vulnerable to the flaws, which include a buffer overflow vulnerability and PL/SQL injection vulnerabilities that allow low-privileged users to gain DBA privileges. The latter flaws can be exploited via the Web through the Oracle Application Server, NGSS said.
Oracle has released a patch set [18/01/2005] to address these vulnerabilities. NGSS said Oracle database administrators are urged to download, test and install the patch set as soon as possible.
Details on the flaws are sketchy at this point. NGSS said it will withhold information on the flaws until April 18, allowing Oracle database users three months to test and apply patches.
This article will be updated when additional information is available.
Great! I have 200 shares of Oracle stock.
Sell. Fast.
And then sell short.
Naw. I'll hold onto them. They've split twice on me already.
This is just a little bump in the road. Hold those shares!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.